src/patches/dnsmasq/0075-Auth-correct-replies-to-NS-and-SOA-in-.arpa-zones.patch

   1 From 78c6184752dce27849e36cce4360abc27b8d76d2 Mon Sep 17 00:00:00 2001
   2 From: Simon Kelley <simon@thekelleys.org.uk>
   3 Date: Thu, 16 Apr 2015 15:05:30 +0100
   4 Subject: [PATCH 75/78] Auth: correct replies to NS and SOA in .arpa zones.
   5
   6 ---
   7  CHANGELOG  |  8 ++++++++
   8  src/auth.c | 51 ++++++++++++++++++++++++++++++---------------------
   9  2 files changed, 38 insertions(+), 21 deletions(-)
  10
  11 diff --git a/CHANGELOG b/CHANGELOG
  12 index f2142c71cbdc..0619788e9cef 100644
  13 --- a/CHANGELOG
  14 +++ b/CHANGELOG
  15 @@ -94,6 +94,14 @@ version 2.73
  16             in the auth-zone declaration. Thanks to Johnny S. Lee
  17             for the bugreport and initial patch.
  18
  19 +           Fix authoritative DNS code to correctly reply to NS
  20 +           and SOA queries for .arpa zones for which we are
  21 +           declared authoritative by means of a subnet in auth-zone.
  22 +           Previously we provided correct answers to PTR queries
  23 +           in such zones (including NS and SOA) but not direct
  24 +           NS and SOA queries. Thanks to Johnny S. Lee for
  25 +           pointing out the problem.
  26 +
  27
  28  version 2.72
  29              Add ra-advrouter mode, for RFC-3775 mobile IPv6 support.
  30 diff --git a/src/auth.c b/src/auth.c
  31 index 4a5c39fc5c07..2b0b7d6b052d 100644
  32 --- a/src/auth.c
  33 +++ b/src/auth.c
  34 @@ -131,24 +131,27 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
  35           continue;
  36         }
  37
  38 -      if (qtype == T_PTR)
  39 +      if ((qtype == T_PTR || qtype == T_SOA || qtype == T_NS) &&
  40 +         (flag = in_arpa_name_2_addr(name, &addr)) &&
  41 +         !local_query)
  42         {
  43 -         if (!(flag = in_arpa_name_2_addr(name, &addr)))
  44 -           continue;
  45 -
  46 -         if (!local_query)
  47 +         for (zone = daemon->auth_zones; zone; zone = zone->next)
  48 +           if ((subnet = find_subnet(zone, flag, &addr)))
  49 +             break;
  50 +
  51 +         if (!zone)
  52             {
  53 -             for (zone = daemon->auth_zones; zone; zone = zone->next)
  54 -               if ((subnet = find_subnet(zone, flag, &addr)))
  55 -                 break;
  56 -
  57 -             if (!zone)
  58 -               {
  59 -                 auth = 0;
  60 -                 continue;
  61 -               }
  62 +             auth = 0;
  63 +             continue;
  64             }
  65 +         else if (qtype == T_SOA)
  66 +           soa = 1, found = 1;
  67 +         else if (qtype == T_NS)
  68 +           ns = 1, found = 1;
  69 +       }
  70
  71 +      if (qtype == T_PTR && flag)
  72 +       {
  73           intr = NULL;
  74
  75           if (flag == F_IPV4)
  76 @@ -243,14 +246,20 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
  77         }
  78
  79      cname_restart:
  80 -      for (zone = daemon->auth_zones; zone; zone = zone->next)
  81 -       if (in_zone(zone, name, &cut))
  82 -         break;
  83 -
  84 -      if (!zone)
  85 +      if (found)
  86 +       /* NS and SOA .arpa requests have set found above. */
  87 +       cut = NULL;
  88 +      else
  89         {
  90 -         auth = 0;
  91 -         continue;
  92 +         for (zone = daemon->auth_zones; zone; zone = zone->next)
  93 +           if (in_zone(zone, name, &cut))
  94 +             break;
  95 +
  96 +         if (!zone)
  97 +           {
  98 +             auth = 0;
  99 +             continue;
 100 +           }
 101         }
 102
 103        for (rec = daemon->mxnames; rec; rec = rec->next)
 104 --
 105 2.1.0
 106